System and method for multitenant execution of OS programs invoked from a multitenant middleware application

ABSTRACT

In accordance with an embodiment, described herein is a system and method for supporting multitenant execution of a tenant-unaware program invoked from a multitenant middleware application. An exemplar method can provide, at one or more computers, including an application server environment executing thereon, a plurality of partitions, and a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition. The method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants. The method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, and collect tenancy information about the calling tenant. Based upon the collected tenancy information, the method can scope execution of the tenant-unware process to the calling tenant by launching the tenant-unware process as a containerized process.

CLAIM OF PRIORITY

This application is a continuation of U.S. patent application titled“SYSTEM AND METHOD FOR MULTITENANT EXECUTION OF OS APPLICATIONS INVOKEDFROM A MULTITENANT MIDDLEWARE APPLICATION,” application Ser. No.15/059,193, filed Mar. 2, 2016, which claims the benefit of priority toU.S. Provisional Application titled “SYSTEM AND METHOD FOR TENANT SCOPEDEXECUTION OF OS PROGRAMS INVOKED FROM A MULTITENANT MIDDLEWAREAPPLICATION”, Application No. 62/245,611, filed Oct. 23, 2015, whichapplications are herein incorporated by reference; and is related toU.S. patent application titled “SYSTEM AND METHOD FOR SUPPORTINGMULTI-TENANCY IN AN APPLICATION SERVER, CLOUD, OR OTHER ENVIRONMENT”,application Ser. No. 14/601,883, filed Jan. 21, 2015; and U.S. patentapplication titled “SYSTEM AND METHOD FOR SUPPORTING PARTITIONS IN AMULTITENANT APPLICATION SERVER ENVIRONMENT”, application Ser. No.14/748,094, filed Jun. 23, 2015, which applications are hereinincorporated by reference.

COPYRIGHT NOTICE

A portion of the disclosure of this patent document contains materialwhich is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent file or records, but otherwise reserves all copyrightrights whatsoever.

FIELD OF INVENTION

Embodiments of the invention are generally related to applicationservers and cloud environments, and are particularly related to a systemand method for supporting applications invoked from a multitenantmiddleware platform.

BACKGROUND

Software application servers, examples of which include Oracle WebLogicServer (WLS) and Glassfish, generally provide a managed environment forrunning enterprise software applications. Recently, technologies havealso been developed for use in cloud environments, which allow users ortenants to develop and run their applications within the cloudenvironment, and to take advantage of distributed resources provided bythe environment.

SUMMARY

In accordance with an embodiment, described herein is a system andmethod for supporting multitenant execution of a tenant-unaware programinvoked from a multitenant middleware application. An exemplary methodcan provide a plurality of partitions, and a plurality of tenant-awareprograms, wherein each of the plurality of tenant-aware programs isassociated with a partition. The method can associate each of theplurality of partitions and the plurality of tenant-aware programs witha tenant of a plurality of tenants. The method can invoke thetenant-unaware process from a calling partition of the plurality ofpartitions, the calling partition being associated with a calling tenantof the plurality of tenants. The method can collect tenancy informationabout the calling tenant. And, based upon the collected tenancyinformation, the method can scope execution of the tenant-unware processto the calling tenant by setting up a process execution environment andresources.

In accordance with an embodiment, using containerized applications, thescoped execution can support runtime isolation of a tenant-unawareprocess from other tenants of the multitenant middleware environment,resulting in multitenant operation of the OS application program.

DESCRIPTION OF THE FIGURES

FIG. 1 illustrates a system for supporting multi-tenancy in anapplication server, cloud, or other environment, in accordance with anembodiment.

FIG. 2 further illustrates a system for supporting multi-tenancy in anapplication server, cloud, or other environment, in accordance with anembodiment.

FIG. 3 further illustrates a system for supporting multi-tenancy in anapplication server, cloud, or other environment, in accordance with anembodiment.

FIG. 4 illustrates a domain configuration for use with an exemplarymulti-tenant environment, in accordance with an embodiment.

FIG. 5 further illustrates an exemplary multi-tenant environment, inaccordance an embodiment.

FIG. 6 illustrates a system for tenant scoped execution of atenant-unaware process, in accordance with an embodiment.

FIG. 7 illustrates a system for tenant scoped execution of atenant-unaware process, in accordance with an embodiment.

FIG. 8 illustrates a system for tenant scoped execution a tenant-unawareprocess, in accordance with an embodiment.

FIG. 9 is a flow chart of an exemplary method for creating environmentand resources for tenant scoped execution of a tenant unaware process,in accordance with an embodiment.

FIG. 10 is a flow chart of an exemplary method for creating andconfiguring a process builder, in accordance with an embodiment.

FIG. 11 is a flow chart of an exemplary method for multitenant executionof a tenant unaware OS application from a MT middleware application(e.g., JEE application), in accordance with an embodiment.

FIG. 12 is a flow chart of an exemplary method for supporting tenantscoped execution of a tenant-unaware process invoked from a multitenantmiddleware application.

DETAILED DESCRIPTION

In accordance with an embodiment, described herein is a system andmethod for supporting tenant scoped execution (also referred to hereinvariously as “multitenant execution”) of a tenant-unaware processinvoked from a multitenant middleware application. An exemplary methodcan provide a plurality of partitions, and a plurality of tenant-awareprograms, wherein each of the plurality of tenant-aware programs isassociated with a partition. The method can associate each of theplurality of partitions and the plurality of tenant-aware programs witha tenant of a plurality of tenants. The method can invoke thetenant-unaware process from a calling partition of the plurality ofpartitions, the calling partition being associated with a calling tenantof the plurality of tenants. The method can collect tenancy informationabout the calling tenant. And, based upon the collected tenancyinformation, the method can scope execution of the tenant-unware processto the calling tenant by setting up a process execution environment andresources.

By using the described systems and methods herein, in accordance with anembodiment, tenant aware JEE applications (e.g., SaaS applications),which include non-Java components running as native programs/processeson operating systems can work in tenant scoped manner, making thecomplete application (end-to-end) multi-tenant aware and isolated. Thatis, the multi-tenancy support provided within a multi-tenant applicationserver environment can be supported outside of the MT application serverenvironment on a native OS, and not be restricted to components/programsrunning within the MT application server environment (e.g., WebLogicMT).

Application Server (e.g., Multi-Tenant, MT) Environment

FIG. 1 illustrates a system for supporting multi-tenancy in anapplication server, cloud, or other environment, in accordance with anembodiment.

As illustrated in FIG. 1, in accordance with an embodiment, anapplication server (e.g., multi-tenant, MT) environment 100, or othercomputing environment which enables the deployment and execution ofsoftware applications, can be configured to include and operateaccording to a domain 102 configuration that is used at runtime todefine an application server domain.

In accordance with an embodiment, the application server can include oneor more partitions 104 that are defined for use at runtime. Eachpartition can be associated with a globally unique partition identifier(ID) and partition configuration, and can further include one or moreresource groups 124, together with a reference to a resource grouptemplate 126 and/or partition-specific applications or resources 128.Domain-level resource groups, applications and/or resources 140 can alsobe defined at the domain level, optionally with a reference to aresource group template.

Each resource group template 160 can define one or more applications A162, B 164, resources A 166, B 168, and/or other deployable applicationsor resources 170, and can be referenced by a resource group. Forexample, as illustrated in FIG. 1, resource group 124 in partition 104can reference 190 resource group template 160.

Generally, a system administrator can define partitions, domain-levelresource groups and resource group templates, and security realms; whilea partition administrator can define aspects of their own partition, forexample, by creating partition-level resource groups, deployingapplications to the partition, or referencing specific realms for thepartition.

FIG. 2 further illustrates a system for supporting multi-tenancy in anapplication server, cloud, or other environment, in accordance with anembodiment.

As illustrated in FIG. 2, in accordance with an embodiment, a partition202 can include, for example, a resource group 205 which includes areference 206 to a resource group template 210, a virtual target (e.g.,virtual host) information 207, and a pluggable database (PDB)information 208. A resource group template (e.g., 210) can define, forexample, a plurality of applications A 211 and B 212, together withresources such as a Java Message Server (JMS) server 213,store-and-forward (SAF) agent 215, mail session component 216, or JavaDatabase Connectivity (JDBC) resource 217.

The resource group template illustrated in FIG. 2 is provided by way ofexample; in accordance with other embodiments, different types ofresource group templates and elements can be provided.

In accordance with an embodiment, when a resource group within apartition (e.g., 202) references 220 a particular resource grouptemplate (e.g., 210), information associated with a particular partitioncan be used in combination with the referenced resource group template,to indicate a partition-specific information 230, for example apartition-specific PDB information. The partition-specific informationcan then be used by the application server to configure resources, forexample a PDB resource, for use by the partition. For example,partition-specific PDB information associated with partition 202 can beused, by the application server, to configure 232 a container database(CDB) 236 with an appropriate PDB 238, for use by that partition.

Similarly, in accordance with an embodiment, a virtual targetinformation associated with a particular partition can be used to define239 a partition-specific virtual target 240, for use by the partition,e.g., baylandurgentcare.com, which can then be made accessible via auniform resource locator (URL), e.g., http://baylandurgentcare.com.

FIG. 3 further illustrates a system for supporting multi-tenancy in anapplication server, cloud, or other environment, in accordance with anembodiment.

In accordance with an embodiment, a system configuration such as aconfig.xml configuration file, is used to define a partition, includingconfiguration elements for resource groups associated with thatpartition, and/or other partition properties. Values can be specifiedper-partition using property name/value pairs.

In accordance with an embodiment, a plurality of partitions can beexecuted within a managed server/cluster 242, or a similar environmentwhich can provide access to a CDB 243, and which are accessible via aweb tier 244. This allows, for example, a domain or partition to beassociated with one or more of the PDBs (of the CDB).

In accordance with an embodiment, each of the plurality of partitions,in this example partition A 250 and partition B 260, can be configuredto include a plurality of resources associated with that partition. Forexample, partition A can be configured to include a resource group 251which contains an application A1 252, application A2 254, and JMS A 256,together with a datasource A 257 associated with PDB A 259, wherein thepartition is accessible via a virtual target A 258. Similarly, partitionB 260 can be configured to include a resource group 261 which containsan application B1 262, application B2 264, and JMS B 266, together witha datasource B 267 associated with PDB B 269, wherein the partition isaccessible via a virtual target B 268.

While several of the above examples illustrate use of CDB and PDBs, inaccordance with other embodiments, other types of multi-tenant ornon-multi-tenant databases can be supported, wherein a particularconfiguration can be provided for each partition, for example throughthe use of schemas, or the use of different databases.

Resources

In accordance with an embodiment, a resource is a system resource,application, or other resource or object that can be deployed to adomain of the environment. For example, in accordance with anembodiment, a resource can be an application, JMS, JDBC, JavaMail, WLDF,data source, or other system resource or other type of object that canbe deployed to a server, cluster, or other application server target.

Partitions

In accordance with an embodiment, a partition is a runtime andadministrative subdivision or slice of a domain that can be associatedwith a partition identifier (ID) and configuration, and can containapplications and/or refer to domain-wide resources through the use ofresource groups and resource group templates.

Generally, a partition can contain its own applications, refer to domainwide applications via resource group templates, and have its ownconfiguration. Partitionable entities can include resources, for exampleJMS, JDBC, JavaMail, WLDF resources, and other components, such as JNDInamespace, network traffic, work managers, and security policies andrealms. In the context of a multi-tenant environment, the system can beconfigured to provide tenant access to the administrative and runtimeaspects of partitions associated with a tenant.

In accordance with an embodiment, each resource group within a partitioncan optionally reference a resource group template. A partition can havemultiple resource groups, and each of them can reference a resourcegroup template. Each partition can define properties for configurationdata that is not specified in the resource group templates to which thepartition's resource groups refer. This enables the partition to act asa binding of deployable resources defined in a resource group template,to specific values for use with that partition. In some cases, apartition can override configuration information specified by a resourcegroup template.

In accordance with an embodiment, a partition configuration, as definedfor example by a config.xml configuration file, can include a pluralityof configuration elements, for example: “partition”, which contains theattributes and child elements that define the partition;“resource-group”, which contains the applications and resources deployedto the partition; “resource-group-template”, which contains applicationsand resources defined by that template; “jdbc-system-resource-override”,which contains a database-specific service name, user name, andpassword; and “partition-properties”, which contains property key valuesthat can be used for macro replacement in resource group templates.

Upon startup, the system can use the information provided by theconfiguration file to generate partition-specific configuration elementsfor each resource, from the resource group template.

Resource Groups

In accordance with an embodiment, a resource group is a named,fully-qualified collection of deployable resources that can be definedeither at a domain or partition level, and can reference a resourcegroup template. The resources in a resource group are consideredfully-qualified in that the administrator has provided all of theinformation needed to start or connect to those resources, for examplethe credentials for connecting to a data source, or the targetinginformation for an application.

A system administrator can declare resource groups at the domain level,or at the partition level. At the domain level, a resource groupprovides a convenient way to group related resources. The system canmanage resources declared in a domain-level resource group the same asungrouped resources, so that the resources can be started during systemstart-up, and stopped during system shut-down. An administrator can alsostop, start, or remove a resource in a group individually, and can acton all the resources in a group implicitly by operating on the group.For example, stopping a resource group stops all of the resources in thegroup that are not already stopped; starting the resource group startsany resources in the group that are not already started; and removingthe resource group removes all of the resources contained in the group.

At the partition level, a system or partition administrator canconfigure zero or more resource groups in a partition, subject to anysecurity restrictions. For example, in a SaaS use case, variouspartition-level resource groups can refer to domain-level resource grouptemplates; while in a PaaS use case, partition-level resource groups canbe created that do not refer to resource group templates, but insteadrepresent applications and their related resources that are to be madeavailable within that partition only.

In accordance with an embodiment, resource grouping can be used to grouptogether applications and the resources they use as a distinctadministrative unit within the domain. For example, in the medicalrecords (MedRec) application described below, a resource groupingdefines the MedRec application and its resources. Multiple partitionscan run the same MedRec resource group, each using a partition-specificconfiguration information, such that the applications that are part ofeach MedRec instance are made specific to each partition.

Resource Group Templates

In accordance with an embodiment, a resource group template is acollection of deployable resources that are defined at a domain level,that can be referenced from a resource group, and some of theinformation required to activate its resources may not be stored as partof the template itself, such that it supports the specification ofpartition level configuration. A domain can contain any number ofresource group templates, each of which can include, for example, one ormore related Java applications and the resources on which thoseapplications depend. Some of the information about such resources may bethe same across all partitions, while other information may vary fromone partition to the next. Not all configuration need be specified atthe domain level—partition level configuration can instead be specifiedin the resource group template through the use of macros, or propertyname/value pairs.

In accordance with an embodiment, a particular resource group templatecan be referenced by one or more resource groups. Generally, within anygiven partition, a resource group template can be referenced by oneresource group at a time, i.e., not simultaneously by multiple resourcegroups within the same partition; however, it can be referenced at thesame time by another resource group in a different partition. The objectcontaining the resource group, e.g., the domain or partition, can useproperty name/value assignments to set the value of any tokens in theresource group template. When the system activates a resource grouptemplate using a referencing resource group, it can replace those tokenswith values set in the resource group's containing object. In somecases, the system can also use statically-configured resource grouptemplates and partitions to generate runtime configuration for eachpartition/template combination.

For example, in a SaaS use case, the system can activate the sameapplications and resources multiple times, including once for eachpartition that will use them. When an administrator defines a resourcegroup template they can use tokens to represent the information thatwill be supplied elsewhere. For example, the username to use inconnecting to a CRM-related data resource can be indicated in theresource group template as \${CRMDataUsername}.

Tenants

In accordance with an embodiment, in a multi-tenant environment, such asa multi-tenant (MT) application server environment, a tenant is anentity that can be represented by, or otherwise associated with, one ormore partitions and/or one or more tenant-aware applications.

For example, tenants can represent distinct user organizations, such asdifferent external companies, or different departments within aparticular enterprise (e.g., HR and Finance departments), each of whichcan be associated with a different partition. A tenant globally uniqueidentity (tenant ID) is the association of a particular user, at aparticular moment in time, with a particular tenant. The system canderive which tenant a particular user belongs to from the user identity,for example by referring to a user identity store. The user identityenables the system to enforce those actions that a user is authorized toperform, including, but not limited to, which tenant the user maybelong.

In accordance with an embodiment, the system enables isolation of theadministration and runtime of different tenants from each other. Forexample, tenants can configure some behaviors of their applications, andresources to which they have access. The system can ensure that aparticular tenant cannot administer artifacts belonging to anothertenant; and, at runtime, that the applications working on behalf of aparticular tenant refer only to resources associated with that tenant,and not to resources associated with other tenants.

In accordance with an embodiment, a tenant—unaware application is onethat contains no logic dealing with tenants explicitly, such that anyresources that the application uses may be accessible regardless of whatuser submitted a request to which the application is responding. Incontrast, a tenant-aware application includes logic that explicitlydeals with tenants. For example, based on a user's identity theapplication can derive the tenant to which the user belongs and use thatinformation to access tenant—specific resources.

In accordance with an embodiment, the system enables users to deployapplications that are explicitly written to be tenant-aware, so thatapplication developers can obtain the tenant ID of a current tenant. Thetenant-aware application can then use the tenant ID to handle multipletenants that are using a single instance of the application.

For example, the MedRec application, which supports a single doctor'soffice or hospital, can be exposed to two different partitions ortenants, e.g., a Bayland Urgent Care tenant, and a Valley Health tenant,each of which is able to access separate tenant-specific resources, suchas separate PDBs, without changing the underlying application code.

Exemplary Domain Configuration and Multi-Tenant Environment

In accordance with an embodiment, applications can be deployed to aresource group template at the domain level, or to a resource group thatis scoped to a partition or scoped to the domain. Applicationconfiguration can be overridden using deployment plans specifiedper-application, or per-partition.

FIG. 4 illustrates a domain configuration for use with an exemplarymulti-tenant environment, in accordance with an embodiment.

In accordance with an embodiment, when the system starts a partition, itcreates virtual targets (e.g., virtual hosts) and connection pools,including one for each partition, to respective database instances,according to the provided configuration.

Typically, each resource group template can include one or more relatedapplications and the resources on which those applications depend. Eachpartition can provide configuration data that is not specified in theresource group templates to which it refers, by providing a binding ofthe deployable resources in resource group templates to specific valuesassociated with the partition; including, in some cases, overridingcertain configuration information specified by the resource grouptemplate. This enables the system to activate an application representedby a resource group template differently for each partition, using theproperty values each partition has defined.

In some instances, a partition may contain resource groups that do notrefer to resource group templates, or that directly define their ownpartition-scoped deployable resources. Applications and data sourcesthat are defined within a partition are generally available only to thatpartition. Resources can be deployed so that they can be accessed fromacross partitions using partition:<partitionName>/<resource JNDI name>,or domain:<resource JNDI name>.

For example, a MedRec application can include a plurality of Javaapplications, a data source, a JMS server, and a mail session. To runthe MedRec application for multiple tenants, the system administratorcan define a single MedRec resource group template 286, declaring thosedeployable resources in the template.

In contrast to domain-level deployable resources, the deployableresources declared in a resource group template may not be fullyconfigured in the template, or cannot be activated as-is, since theylack some configuration information.

For example, the MedRec resource group template may declare a datasource used by the applications, but it may not specify a URL forconnecting to the database. Partitions associated with differenttenants, for example, partition BUC-A 290 (Bayland Urgent Care, BUC) andpartition VH-A 292 (Valley Health, VH) can reference one or moreresource group templates, by each including a MedRec resource group 293,294 that references 296, 297 the MedRec resource group template. Thereference can then be used to create 302, 306, the virtualtargets/virtual hosts for each tenant, including a virtual hostbaylandurgentcare.com 304 associated with the BUC-A partition, for useby the Bayland Urgent Care tenant; and a virtual host valleyhealth.com308 associated with the VH-A partition, for use by the Valley Healthtenant.

FIG. 5 further illustrates an exemplary multi-tenant environment, inaccordance with an embodiment. As illustrated in FIG. 5, and continuingthe example from above, in which two partitions reference the MedRecresource group template, in accordance with an embodiment, a servletengine 310 can be used to support a plurality of tenant environments, inthis example a Bayland Urgent Care Physician tenant environment 320, anda Valley Health Physician tenant environment 330.

In accordance with an embodiment, each partition 321, 331 can define adifferent virtual target on which to accept incoming traffic for thattenant environment, and a different URL 322, 332 for connecting to thepartition and to its resources 324, 334, including in this exampleeither a Bayland Urgent Care database, or a Valley Health databaserespectively. The database instances can use compatible schemas, sincethe same application code will execute against both databases. When thesystem starts the partitions, it can create the virtual targets andconnection pools to the respective database instances.

Tenant Scoped Execution of OS Programs

In accordance with an embodiment, the methods and systems describedherein can support tenant scoped execution of OS (i.e., tenant unaware)programs, applications, and processes (variously referred to hereinafter as “OS programs”, “OS applications”, “OS processes”, “non-tenantaware programs”, “non-tenant aware applications”, and “non-tenant awareprocesses”).

Typically, when applications are executed within a MT environment, theapplications are tenant scoped, meaning that the libraries and resourcesaccessed by the tenant aware programs are isolated from, for example,other tenants within the MT environment.

However, when a tenant aware program operating in an MT environmentcalls a tenant unaware application (e.g., C, C++, Perl . . . etc.)operating on a native OS, an issue can arise in that there is little orno isolation between these programs operating on the OS. That is, ageneral purpose operating system has no notion of tenancy and is unawareof tenancy (i.e., tenancy information associated with the originatingcall from the MT application) associated with the MT application (i.e.,JEE application). This can lead to execution of OS programs within acommon environment and using shared OS resources (e.g., files,processes, databases), which in turn can lead to loss of tenant contextas well as runtime separation/isolation, when separate tenantapplications call an outside OS application (e.g., tenant unawareapplication).

FIG. 6 illustrates a system for tenant scoped execution of atenant-unware process, in accordance with an embodiment. As shown inFIG. 6, a Multitenant Application Server Environment 600 (e.g., WebLogicMultitenant) can comprises a number of tenant partitions, such as tenant1 partition 601 and tenant 2 partition 605. Both tenant 1 partition andtenant 2 partition can be associated with an application, such as a JEEapplication 602, 606, respectively, which are associated with adatasource 603, 607, respectively, which allows access to each tenant'srespective database 604, 608, respectively.

In accordance with an embodiment, an application, such as a JEEapplication associated with tenant 2, can invoke an OS program (invokeprocess) that is located outside of a Multitenant Application Server in,for example, a native OS 610. This can occur, for example, when thereare components of MT applications that are not confined to the MTapplication server (e.g., Perl script, C programs . . . etc.). Suchapplications (i.e., those MT applications that also rely external OScomponents that run outside of the MT application server to perform) canbe referred to as composite applications. The JEE application associatedwith tenant 2 runs in a MT environment and has tenant context associatedat runtime.

In accordance with an embodiment, when a MT application (e.g., a JEEapplication), invokes an OS program/application (i.e., process 620), theMT application can set up a number of variables 625 (i.e., environmentvariables) in order to extend/propagate the tenant context that isavailable to the JEE application. These variables can include a tenantID, a tenant name; a tenant filesystem (TFS) root; a process workdirectory, under TFS, with input and output sub-directories; a tenant DBconnect string, and a tenant LDAP (lightweight directory accessprotocol) directory URL.

In accordance with an embodiment, the MT application server can manage avirtual tenant filesystem 630 for each tenant that has been on-boardedinto the MT application server environment 600. This virtual tenant filesystem can be created/set up as part of an application serveradministration when a tenant is on-boarded. The virtual tenantfilesystems are part the OS 610, with one virtual tenant filesystem foreach tenant currently active in the MT application server environment.

In accordance with an embodiment, when an MT application (e.g., JEEapplication) invokes an OS process (i.e., tenant unaware process), theMT application can additionally create a temporary process workdirectory under the tenant's virtual filesystem. If more than one OSprocess is invoked by an MT application, the MT application can createone temporary work directory for each OS process invoked. The MTapplication, in creating the temporary work directory under the virtualfilesystem, can additionally create (for each OS process invoked)subdirectories under the temporary work directory for input, output,error and database directories. These subdirectories can acceptredirected stdin (input stream), stdout (output stream) and stderr(error stream) of the invoked OS process. Each input subdirectory can beset up with process input files. Each output subdirectory can beresponsible for capturing process output files. Each error subdirectorycan be responsible for capturing process error (e.g., stderr) messages.The virtual tenant specific filesystems can be associated with a nativestorage, such as OS storage 640.

In accordance with an embodiment, a process builder can comprise an API(e.g., Java ProcessBuilder API) that allows a client to specify acommand line for an OS program/application to execute, configureenvironment variables to set up in the process environment, configure aprocess work directory, and redirect the process input, output, anderror streams to files on a file system. The process builder can allowcertain process characteristics to be set up or configured before aprocess (i.e., OS process) is started, such as a process environment, aprocess working directory, and process input stream/output stream/errorstream re-direction.

In accordance with an embodiment, when a MT application invokes an OSprocess, it can create and utilize a process builder (e.g., processbuilder instance). The tenancy context from the MT application can bepropagated as part of the process builder API invocation, includingsetting environmental variables and creating and configuring the processwork directory. By utilizing the environment variables along with theprocess work directory, the process builder can be configured in orderto assign resources (environment variables, process work directory,redirected input/out files, a database connect descriptor, LDAPdirectory, wallet) that allows the tenant unaware process (e.g. OSprocess) to be scoped/confined in its execution within the tenancycontext. In this way, the tenant unaware process (e.g., OS process) getsa work directory that is specific to the invoking tenant and under thetenant designated virtual filesystem and isolated from the files andresources created or owned by other tenants of the MT application serverenvironment 600.

In accordance with an embodiment, the tenant unaware process is assigneda tenant specific folder under the OS file-system for redirected processI/O streams, connects to the database associated with the tenant usingtenant specific access credentials, and uses tenant LDAP directory. Atenant specific database connect string/descriptor can allow programs totransparently work with the tenant database. Tenant specific credentialscan be configured in a wallet set up under a database subdirectory ofthe process work directory in the tenant's virtual filesystem.

In accordance with an embodiment, after a virtual tenant filesystem hasbeen created for the calling MT application from a calling partition(associated with a tenant, sometimes referred to as a “calling tenant”),the streams (e.g., input stream, output stream, error stream) associatedwith the tenant unaware process can be redirected to the respectiveinput, output and error subdirectories under the process work directoryin the tenant's virtual filesystem

In this way, the tenancy context, environment and data associated withseparate tenants invoking OS programs can be kept discrete and separatedfrom each other, thus allowing for scoped processing of an OSapplication (tenant unaware) executing based upon a call from inside ofa MT container (e.g., from a JEE program executing on behalf of apartition within the MT container).

In accordance with an embodiment, once the tenant unaware processcompletes execution, the MT application running in the MT applicationserver environment can retrieve the process output and clean up theprocess work directory.

In accordance with an embodiment, the MT application can get the processexitValue status code (e.g., from java Process object exitValue( )method) to find if the program executed successfully. It can alsoretrieve the redirected stdout and stderr files under the output anderror sub-folders, to examine if the process execution was successful.The results updated in the tenant database can be directly accessed fromthe database by the MT application running in the partition, once thetenant unaware process execution completes.

In accordance with an embodiment, the MT application can also delete theprocess work directory and its sub-folders, which cleans up the outputfiles and the db files, such as the wallet.

In accordance with an embodiment, the environment variables configuredat the MT application that calls the OS program can comprise: a tenantID, a tenant name; a tenant filesystem (TFS) root; a process workdirectory, under TFS, with input, output, and error sub-directories; atenant DB connect string, and a tenant LDAP (lightweight directoryaccess protocol) directory URL.

In accordance with an embodiment, using a process builder configuration,a tenant-unaware OS program can be assigned resources (environmentvariables, process work directory, redirected input/output files, a DBconnect descriptor, LDAP directory, and wallet) that scope/confine itsexecution within a tenant context.

Multitenant Execution of OS Programs—Containerized Applications

In accordance with an embodiment, the methods and systems describedherein can support multitenant execution of tenant unware processes(i.e., OS processes) by using a containerized application to providetenant isolation at runtime.

In accordance with an embodiment, the present disclosure can utilizecontainerized applications to provide tenant isolation during runtime oftenant unaware processes.

In accordance with an embodiment, a containerized application or processis an application that is packaged as a container and comprises thenecessary information for the application to run, such as OS base image,application executables, and libraries. A containerized application canbe a portable application that can be shared among Linux distributionsusing the same Linux kernel, such a Linux kernel 750. A containerizedapplication can be created such that if a developer creates aportable/containerized application and shares the image, and assumingthe same linux kernel, the system that the containerized application wasshared with can download the containerized application image from acontainer image registry or repository and spin off a container to runthe containerized application. At this point, the application will beavailable on the destination host isolated from other containers andfrom the OS, and it can still be available with the required libraries(e.g., the same versions of the libraries that the developer of theapplication/process intended). Then, there can be another containerizedapplication instance that uses the same versions of the libraries, butit will run separately. Docker is an example of such a containerframework/infrastructure.

FIG. 7 illustrates a system for multitenant execution of a tenant-unwareprocess, in accordance with an embodiment. FIG. 7 depicts multitenantexecution of OS programs, called from a MT application, usingcontainerized OS applications executing in an OS that supports softwarecontainers.

As shown in FIG. 7, a MT application server environment 600 (e.g.,WebLogic Multitenant) can comprises a number of tenant partitions, suchas tenant 1 partition 601 and tenant 2 partition 605. Both tenant 1partition and tenant 2 partition can be associated with an application,such as a JEE application 602, 606, respectively, which are associatedwith a datasource 603, 607, respectively, which allows access to eachtenant's respective database 604, 608, respectively.

In accordance with an embodiment, when a MT application (e.g., a JEEapplication), invokes a tenant unaware application (e.g., as acontainerized application), the MT application can set up a number ofvariables (i.e., environment variables) in order to extend/propagate thetenant context that is available to the JEE application. These variablescan include a tenant ID, a tenant name; a tenant filesystem (TFS) root;a process work directory, under TFS, with input, output, and errorsub-directories; a tenant DB connect string, and a tenant LDAP(lightweight directory access protocol) directory URL.

In accordance with an embodiment, the MT application server can manage avirtual tenant filesystem 735 for each tenant that has been on-boardedinto the MT application server environment 600. This virtual tenant filesystem can be created/set up as part of an application serveradministration when a tenant is on-boarded. The virtual tenantfilesystems are part the OS 610, with one virtual tenant filesystem foreach tenant currently active in the MT application server environment.

In accordance with an embodiment, when an MT application (e.g., JEEapplication) invokes a tenant unaware application, the MT applicationcan additionally create a temporary process work directory (alsoreferred to herein as “process work directory”) under the tenant'svirtual filesystem. If more than one tenant unaware application isinvoked by an MT application, the MT application can create one processwork directory for each tenant unaware application invoked. The MTapplication, in creating the process work directory under the virtualfilesystem, can additionally create (for each tenant unaware applicationinvoked) subdirectories under the process work directory for input,output, error and database directories. These subdirectories can acceptredirected stdin (input stream), stdout (output stream) and stderr(error stream) of the invoked OS process. Each input subdirectory canset up with process input files. Each output subdirectory can beresponsible for capturing process output files. Each error subdirectorycan be responsible for capturing process error (e.g., stderr) messages.The virtual tenant specific filesystems can be associated with a nativestorage, such as OS storage 736.

In accordance with an embodiment, a process builder, which can beutilized by an MT application, can comprise an API (e.g., JavaProcessBuilder API) that allows a client to specify a command line foran tenant unaware application to execute, configure environmentvariables to set up in the process environment, configure a process workdirectory, and redirect the process input, output, and error streams tofiles on a file system. The process builder can allow certain processcharacteristics to be set up or configured before a process (i.e.,tenant unaware application) is started, such as a process environment, aprocess working directory, and process input stream/output stream/errorstream re-direction.

In accordance with an embodiment, when a MT application invokes a tenantunaware application, it can create and utilize a process builder (e.g.,process builder instance). The tenancy context from the MT applicationcan be propagated as part of the process builder API invocation,including setting environmental variables and creating the temporaryprocess work directory. By utilizing the environment variables alongwith the temporary process work directory, the process builder can beconfigured in order to assign resources (environment variables, processwork directory, redirected input/output/error streams, a databaseconnect descriptor, LDAP directory, wallet) that allows the tenantunaware application to be scoped/confined in its execution within thetenancy context. In this way, the tenant unaware application gets a workdirectory that is specific to the invoking tenant and under the tenantdesignated virtual filesystem and isolated from the files created orowned by other tenants of the MT application server environment 600.

In accordance with an embodiment, the tenant unaware application isassigned a tenant specific folder under the OS file-system forredirected process I/O streams, connects to the database associated withthe tenant using tenant specific access credentials, and uses tenantspecific LDAP directory. A tenant specific database connectstring/descriptor can allow programs to transparently work with thetenant database. Tenant specific credentials can be configured in awallet set up under the database subdirectory under the process workdirectory in the tenant's virtual filesystem.

In accordance with an embodiment, after a virtual tenant filesystem hasbeen created for the calling MT application from a calling partition(associated with a tenant, sometimes referred to as a “calling tenant”),the streams (e.g., input stream, output stream, error stream) associatedwith the tenant unaware application (e.g., containerized application)can be redirected to the respective input, output and errorsubdirectories under the process work directory in the tenant's virtualfilesystem.

In accordance with an embodiment, the tenant unaware application (whichis invoked from an MT application, such as a JEE application callingfrom tenant 2's partition) can be packaged as a containerizedapplication. In an exemplary process, a MT application can invoke an OSprogram. In such a case, a process builder (e.g., Java ProcessBuilder)can invoke the containerized application. Container frameworks provide alightweight container virtualization technology. One such containerframework is Docker.

In accordance with an embodiment, the container runtime, such as Docker,defines a format for packaging an application and all of theapplication's dependencies into a single image. This image can betransferred to any Docker-enabled machine, where it can be executed withthe guarantee that the execution environment exposed to the applicationwill be the same.

Using an OS with a container framework, such as Docker, the system cancreate an application container image that includes a base OS (e.g.,Ubuntu) along with a layered filesystem that contains the applicationbinaries and required libraries and components. The image can beself-contained and portable allowing it to run the application, withoutany dependencies on the host, when the containerized application islaunched.

In accordance with an embodiment, a MT application (i.e., JEEapplication 606) can invoke a tenant unaware application by launching acontainer process (e.g., Docker or Rocket). A container client 720, suchas a Docket Client, be invoked by an MT Application using the ProcessBuilder (e.g., a JEE application 606 running in tenant 2's partition605) to launch an OS (tenant unaware) application with the tenancycontext from the originator of the request (i.e., the JEE application).The container client can invoke a container daemon 725, such as a Dockerdaemon. The container daemon can then download and launch an applicationimage 740 of the requested containerized application from the JEEapplication. The application image 740 can comprise a base OS (e.g.,Ubuntu) along with a layered filesystem that contains the applicationbinaries and required libraries and components. The application imagecan be self-contained and portable, allowing it to run an applicationwithout any dependencies on the host. In addition, the containerizedapplication can run as isolated instances. The containerizedapplications run on the same OS, but execute in isolation, meaning thattwo or more tenants can run different instances of the same applicationin isolation as separate containers.

In accordance with an embodiment, when a container is created (by thecontainer daemon), and an application image is loaded into the containerto run the containerized application 730, the application can then berun without any dependencies on the host.

In accordance with an embodiment, the containerized application 730 cancommunicate (I/O) with tenant's virtual tenant filesystem 735 (basedupon the tenant context, for example, tenant 2's partition, which inturn can communicate with the OS storage 736).

In accordance with an embodiment, a containerized application operatingon behalf of a tenant, e.g., tenant 2, can access the tenant's database608 with the necessary credentials.

In accordance with an embodiment, the MT application can get the processexitValue status code (e.g., from java Process object exitValue()method) to find if the program executed successfully. It can alsoretrieve the redirected stdout and stderr files under the output anderror sub-folders, to examine if the process execution was successful.The results updated in the tenant database can be directly accessed fromthe database by the MT application running in the partition, once thetenant unaware containerized application execution completes.

In accordance with an embodiment, the MT application can also delete theprocess work directory and its sub-folders, which cleans up the outputfiles and the db files, such as the wallet.

FIG. 8 illustrates a system for multitenant execution of a tenant-unwareprocess, in accordance with an embodiment. FIG. 8 depicts multitenantexecution of OS programs, called from a MT application, usingcontainerized OS applications executing in containers.

As shown in FIG. 8, a MT application server environment 600 (e.g.,WebLogic Multitenant) can comprises a number of tenant partitions, suchas tenant 1 partition 601 and tenant 2 partition 605. Both tenant 1partition and tenant 2 partition can be associated with an application,such as a JEE application 602, 606, respectively, which are associatedwith a datasource 603, 607, respectively, which allows access to eachtenant's respective database 604, 608, respectively.

In accordance with an embodiment, when a MT application (e.g., a JEEapplication), invokes a tenant unaware application (e.g., as acontainerized application), the MT application can set up a number ofvariables (i.e., environment variables) in order to extend/propagate thetenant context that is available to the JEE application. These variablescan include a tenant ID, a tenant name; a tenant filesystem (TFS) root;a process work directory, under TFS, with input and outputsub-directories; a tenant DB connect string, and a tenant LDAP(lightweight directory access protocol) directory URL.

In accordance with an embodiment, the MT application server can manage avirtual tenant filesystem 735 for each tenant that has been on-boardedinto the MT application server environment 600. This virtual tenant filesystem can be created/set up as part of an application serveradministration when a tenant is on-boarded. The virtual tenantfilesystems are part the OS 610, with one virtual tenant filesystem foreach tenant currently active in the MT application server environment.

In accordance with an embodiment, when an MT application (e.g., JEEapplication) invokes a tenant unaware application, the MT applicationcan additionally create a temporary process work directory under thetenant's virtual filesystem. If more than one tenant unaware applicationis invoked by an MT application, the MT application can create oneprocess work directory for each tenant unaware application invoked. TheMT application, in creating the process work directory under the virtualfilesystem, can additionally create (for each tenant unaware applicationinvoked) subdirectories under the process work directory for input,output, error and database directories. These subdirectories can acceptredirected (stdin) input streams, (stdout) output streams and (stderr)error streams. Each input subdirectory can be responsible set up withprocess input files. Each output subdirectory can be responsible forcapturing process output files. Each error subdirectory can beresponsible for capturing process error (e.g., stderr) messages. Thevirtual tenant specific filesystems can be associated with a nativestorage, such as OS storage 736.

In accordance with an embodiment, a process builder can comprise an API(e.g., Java ProcessBuilder API) that allows a client to specify acommand line for an tenant unaware application to execute, configureenvironment variables to set up in the process environment, configure aprocess work directory, and redirect the process input, output, anderror streams to files on a file system. The process builder can allowcertain process characteristics to be set up or configured before aprocess (i.e., tenant unaware application) is started, such as a processenvironment, a process working directory, and process inputstream/output stream/error stream re-direction.

In accordance with an embodiment, when a MT application invokes a tenantunaware application, it can create and utilize a process builder (e.g.,process builder instance). The tenancy context from the MT applicationcan be propagated as part of the process builder API invocation,including setting environmental variables. The MT application can createa process work directory and sub-directories (input, output, error, anddatabase) under the VTFS (virtual tenant filesystem). The MT applicationcan then use the process builder API to configure the environmentvariables, process work directory with the temp process work directorypath, redirected streams. By utilizing the environment variables alongwith the process work directory, the process builder can be configuredin order to assign resources (environment variables, process workdirectory, redirected input/out files, a database connect descriptor,LDAP directory, wallet) that allows the tenant unaware application to bescoped/confined in its execution within the tenancy context. In thisway, the tenant unaware application gets a work directory that isspecific to the invoking tenant and under the tenant designated virtualfilesystem and isolated from the files created or owned by other tenantsof the MT application server environment 600.

In accordance with an embodiment, the tenant unaware application uses atenant specific folder under the OS file-system for I/O operations,connects to the database associated with the tenant using tenantspecific access credentials, and uses tenant LDAP directory. A tenantspecific database connect string/descriptor can allow programs totransparently work with the tenant database. Tenant specific credentialscan be configured in a wallet set up under the database subdirectorywithin the process work directory in the tenant's virtual filesystem.

In accordance with an embodiment, after a virtual tenant filesystem hasbeen created for the calling MT application from a calling partition(associated with a tenant, sometimes referred to as a “calling tenant”),the streams (e.g., input stream, output stream, error stream) associatedwith the tenant unaware application (e.g., containerized application)can be redirected to the respective sub-folders under the process workdirectory in the tenant's virtual filesystem.

In accordance with an embodiment, the tenant unaware application (whichis called from an MT application, such as a JEE application calling fromtenant 2's partition) can be packaged as a containerized application. Inan exemplary process, a MT application can invoke an OS program. In sucha case, the process builder API is configured by the MT application toinvoke a container process. One such container framework/infrastructureis Docker.

In accordance with an embodiment, the containerframework/infrastructure, such as Docker, can define a format forpacking an application and all its dependencies into a single image.This image can be uploaded to a Docker hub/repository, from where it canbe downloaded and executed with the guarantee that the executionenvironment exposed to the application will be the same.

In accordance with an embodiment, using a container framework, such asDocker, the system can download a previously created container image 815from an application image library 810. The application image 815 caninclude a base OS (e.g., Ubuntu) along with a layered filesystem thatcontains the application binaries and required libraries and components.The image can be self-contained and portable allowing it to run theapplication, without any dependencies on the host, when the container iscreated and application launched within it.

In accordance with an embodiment, the application image library 815 canbe set up on a host local file system, and can include a number ofcontainerized application images (e.g., .tar files) for desired programsand applications that can be invoked from applications running within aMT application server. Such application images can include, for example,commonly requested OS programs and applications.

In accordance with an embodiment, a MT application (i.e., JEEapplication 606) can invoke a tenant unaware application by launching acontainer process (e.g., Docker or Rocket). A container client 720, suchas a Docket Client, can be invoked by the MT Application using theProcess Builder (e.g., a JEE application 606 running in tenant 2'spartition 605) to launch an OS (tenant unware) application with thetenancy context from the originator of the request (i.e., the JEEapplication). The container client can invoke a container daemon 725,such as a Docker daemon. The container daemon can then download andlaunch an application image 740 of the requested containerizedapplication from the JEE application. The application image 740 cancomprise a base OS (e.g., Ubuntu) along with a layered filesystem thatcontains the application binaries and required libraries and components.The application image can be self-contained and portable, allowing it torun an application without any dependencies on the host. In addition,the containerized application can run as isolated instances. Thecontainerized applications run on the same OS, but execute in isolation,meaning that two or more tenants can run different instances of the sameapplication in isolation as separate containers.

In accordance with an embodiment, the container repository 810 can bepopulated with a number of application images 815. These applicationimages can pre-populated into the application image library, or, canalso be saved into the application image library after the containerprocess of FIG. 8 creates an application image.

In accordance with an embodiment, when a container is created (by thecontainer daemon), and an application image is loaded into the containerto run the containerized application 730, the application can then berun without any dependencies on the host.

In accordance with an embodiment, the containerized application 730 cancommunicate (I/O) with tenant's virtual tenant filesystem 735 (basedupon the tenant context, for example, tenant 2's partition, which inturn can communicate with the OS storage 736).

In accordance with an embodiment, a containerized application operatingon behalf of a tenant, e.g., tenant 2, can access the tenant's database608 with the necessary credentials.

In accordance with an embodiment, the MT application can get the processexitValue status code (e.g., from java Process object exitValue()method) to find if the program executed successfully. It can alsoretrieve the redirected stdout and stderr files under the output anderror sub-folders, to examine if the process execution was successful.The results updated in the tenant database can be directly accessed fromthe database by the MT application running in the partition, once thetenant unaware containerized application execution completes.

In accordance with an embodiment, the MT application can also delete theprocess work directory and its sub-folders, which cleans up the outputfiles and the db files, such as the wallet.

FIG. 9 is a flow chart of an exemplary method for creating environmentand resources for tenant scoped execution of a tenant unaware process,in accordance with an embodiment. At step 910, a process work directorycan be created under a tenant file system (e.g., the virtual tenantfilesystem). At step 920, subdirectories under the process workdirectory can be created for input, output, error and database folders.At step 930, the input folder can be set up with data files. At step940, the database folder can be set up with tenant databaseconfiguration files and credentials (e.g., a wallet). At step 950, theenvironment can be finalized for the tenant unaware applications (e.g.,OS applications/processes) to execute based on tenant context.

FIG. 10 is a flow chart of an exemplary method for creating andconfiguring a process builder to launch a containerized application, inaccordance with an embodiment. At step 1010, a process builder instance(e.g., Java ProcessBuilder API) can be created. At step 1020, theprocess environment can be configured (e.g., with tenant context). Atstep 1030, the process work directory can be configured. At step 1040,the method can configure an executable command line to launch acontainerized application. At step 1050, streams from the containerizedapplication, such as input stream, output stream, and error stream, canbe redirected to the input, output, and error subdirectories of theprocess work directory.

FIG. 11 is a flow chart of an exemplary method for multitenant executionof a tenant unaware OS application from a MT middleware application(e.g., JEE application), in accordance with an embodiment. As aprerequisite to this exemplary method, an OS application (i.e., the OSapplication meant to be invoked from the MT application serverenvironment) can be packaged as a containerized application (e.g.,containerized application image). At step 1110, a process environmentand resources for tenant scoped execution can be created, as identifiedby the flow chart in FIG. 9. At step 1120, a process builder (e.g., JavaProcessBuilder API instance) can be created and configured, asidentified by the flow chart in FIG. 10. At step 1130, the method caninvoke the containerized OS application process using the processbuilder start method. This step creates the configured tenant specificexecution environment and starts the container process. Thecontainerized application can run with the tenant specific environmentand resources, with runtime isolation from other containers & OSprocesses, enforced by the container runtime. At step 1140, the methodcan wait for the containerized application process execution tocomplete. At step 1150, retrieve the process output from the stdout fileof the process work directory as well as the process output from thetenant database, perform any necessary post processing, and update atenant specific database with results. At step 1160, the method candelete and clean up the process work directory and its contents.

FIG. 12 is a flow chart of an exemplary method for supporting tenantscoped execution of a tenant-unaware process invoked from a multitenantmiddleware application. At step 1210, the method can provide, at one ormore computers, including an application server environment executingthereon, a plurality of partitions, wherein each partition provides anadministrative and runtime subdivision of a domain, and a plurality oftenant-aware programs, wherein each of the plurality of tenant-awareprograms is associated with a partition of the plurality of partitions.

At step 1220, the method can associate each of the plurality ofpartitions and the plurality of tenant-aware programs with a tenant of aplurality of tenants, for use by the tenant.

At step 1230, the method can invoke the tenant-unaware process from acalling partition of the plurality of partitions, the calling partitionbeing associated with a calling tenant of the plurality of tenants.

At step 1240, the method can collect tenancy information about thecalling tenant.

At step 1250, the method can, based upon the collected tenancyinformation, scope execution of the tenant-unware process to the callingtenant, wherein scoping execution allows for isolation of the executionof the tenant-unaware process scoped to the calling tenant from othertenants of the multitenant middleware environment

The present invention may be conveniently implemented using one or moreconventional general purpose or specialized digital computer, computingdevice, machine, or microprocessor, including one or more processors,memory and/or computer readable storage media programmed according tothe teachings of the present disclosure. Appropriate software coding canreadily be prepared by skilled programmers based on the teachings of thepresent disclosure, as will be apparent to those skilled in the softwareart.

In some embodiments, the present invention includes a computer programproduct which is a non-transitory storage medium or computer readablemedium (media) having instructions stored thereon/in which can be usedto program a computer to perform any of the processes of the presentinvention. The storage medium can include, but is not limited to, anytype of disk including floppy disks, optical discs, DVD, CD-ROMs,microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs,DRAMs, VRAMs, flash memory devices, magnetic or optical cards,nanosystems (including molecular memory ICs), or any type of media ordevice suitable for storing instructions and/or data.

The foregoing description of the present invention has been provided forthe purposes of illustration and description. It is not intended to beexhaustive or to limit the invention to the precise forms disclosed.Many modifications and variations will be apparent to the practitionerskilled in the art. The embodiments were chosen and described in orderto best explain the principles of the invention and its practicalapplication, thereby enabling others skilled in the art to understandthe invention for various embodiments and with various modificationsthat are suited to the particular use contemplated. It is intended thatthe scope of the invention be defined by the following claims and theirequivalents.

What is claimed is:
 1. A method for supporting tenant scoped executionof a tenant-unaware process invoked from a multitenant middlewareapplication, comprising: providing, at one or more computers, includingan application server environment executing thereon, a plurality ofpartitions, wherein each partition provides an administrative andruntime subdivision of a domain, and a plurality of tenant-awareprograms, wherein each of the plurality of tenant-aware programs isassociated with a partition of the plurality of partitions; associatingeach of the plurality of partitions and the plurality of tenant-awareprograms with a tenant of a plurality of tenants, for use by the tenant;invoking the tenant-unaware process from a calling partition of theplurality of partitions, the calling partition being associated with acalling tenant of the plurality of tenants; collecting tenancyinformation about the calling tenant; based upon the collected tenancyinformation, scoping execution of the tenant-unware process to thecalling tenant by setting up a process execution environment andresources, wherein scoping execution of the tenant-unaware process tothe calling tenant comprises: launching the tenant-unware process as acontainerized process, the containerized process comprising librariesand executables associated with the tenant-unware process; wherein thecontainerized process is a standalone process capable of isolatingexecution of the tenant-unaware process to the calling tenant from othertenants of the multitenant middleware environment.
 2. The method ofclaim 1, further comprising: creating, based upon the collected tenancyinformation about the calling tenant, a tenant specific virtualfilesystem, wherein the tenant specific virtual filesystems comprises aninput subdirectory, an output subdirectory, a database subdirectory, andan error subdirectory.
 3. The method of claim 2, further comprising:after completion of the tenant-unware process, accessing, by the tenantunaware process, a tenant-specific database; wherein the tenant unawareprocess accesses the tenant-specific database using a wallet.
 4. Themethod of claim 3, wherein launching the tenant-unware process as acontainerized process comprises: accessing, by a container daemon, anapplication image, the application image being associated with thetenant-unaware process; creating a container associated with the tenant;and launching the application image in the container.
 5. The method ofclaim 4, wherein the accessed application image is stored in anapplication image repository.
 6. The method of claim 4, wherein streamsof the application image are redirected to the tenant specific virtualfilesystem, wherein streams of the application image comprise at leastone of an input stream, an output stream, and an error stream.
 7. Themethod of claim 1, wherein the tenant-unaware process invoked from thecalling partition of the plurality of partitions is part of a compositeapplication, the composite application further comprising a tenant awareapplication running in the context of the calling partition of theplurality of partitions.
 8. A system for supporting tenant scopedexecution of a tenant-unaware process invoked from a multitenantmiddleware application, comprising: one or more computers, including anapplication server environment executing thereon, together with aplurality of partitions, wherein each partition provides anadministrative and runtime subdivision of a domain, and a plurality oftenant-aware programs, wherein each tenant-aware program is associatedwith one of the plurality of partitions, wherein each of the pluralityof partitions and the plurality of tenant-aware programs are associatedwith a tenant of a plurality of tenants, for use by the tenant; andwherein a calling partition of the plurality of partitions invokes thetenant-unaware process, the calling partition being associated with acalling tenant of the plurality of tenants; wherein tenancy informationabout the calling tenant is collected; wherein, based upon the collectedtenancy information, execution of the tenant-unware process is scoped tothe tenant by setting up a process execution environment and resources;wherein scoping execution of the tenant-unaware process to the callingtenant comprises: launching the tenant-unware process as a containerizedprocess, the containerized process comprising libraries and executablesassociated with the tenant-unware process; wherein the containerizedprocess is a standalone process capable of isolating execution of thetenant-unaware process to the calling tenant from other tenants of themultitenant middleware environment.
 9. The system of claim 8, wherein,based upon the collected tenancy information about the calling tenant, atenant specific virtual filesystem is created, wherein the tenantspecific virtual filesystems comprises an input subdirectory, an outputsubdirectory, a database subdirectory, and an error subdirectory. 10.The system of claim 9, wherein after completion of the tenant-unwareprocess, the tenant unaware process accesses a tenant-specific databaseusing a wallet.
 11. The system of claim 10, wherein launching thetenant-unware process as a containerized process comprises: accessing,from a container daemon, an application image, the application imagebeing associated with the tenant-unaware process; creating a containerassociated with the tenant; and launching the application image in thecontainer.
 12. The system of claim 11, wherein the accessed applicationimage is stored in an application image repository.
 13. The system ofclaim 11, wherein streams of the application image are redirected to thetenant specific virtual filesystem, wherein streams of the applicationimage comprise at least one of an input stream, an output stream, and anerror stream.
 14. The system of claim 8, wherein the tenant-unawareprocess invoked from the calling partition of the plurality ofpartitions is part of a composite application, the composite applicationfurther comprising a tenant aware application running in the context ofthe calling partition of the plurality of partitions.
 15. Anon-transitory computer readable storage medium, including instructionsstored thereon for supporting tenant scoped execution of atenant-unaware process invoked from a multitenant middleware applicationwhich when read and executed by one or more computers cause the one ormore computers to perform steps comprising: providing, at one or morecomputers, including an application server environment executingthereon, a plurality of partitions, wherein each partition provides anadministrative and runtime subdivision of a domain, and a plurality oftenant-aware programs, wherein each of the plurality of tenant-awareprograms is associated with a partition of the plurality of partitions;associating each of the plurality of partitions and the plurality oftenant-aware programs with a tenant of a plurality of tenants, for useby the tenant; invoking the tenant-unaware process from a callingpartition of the plurality of partitions, the calling partition beingassociated with a calling tenant of the plurality of tenants; collectingtenancy information about the calling tenant; based upon the collectedtenancy information, scoping execution of the tenant-unware process tothe calling tenant by setting up a process execution environment andresources, wherein scoping execution of the tenant-unaware process tothe calling tenant comprises: launching the tenant-unware process as acontainerized process, the containerized process comprising librariesand executables associated with the tenant-unware process; wherein thecontainerized process is a standalone process capable of isolatingexecution of the tenant-unaware process to the calling tenant from othertenants of the multitenant middleware environment.
 16. Thenon-transitory computer readable storage medium of claim 15, the stepsfurther comprising: creating, based upon the collected tenancyinformation about the calling tenant, a tenant specific virtualfilesystem, wherein the tenant specific virtual filesystems comprises aninput subdirectory, an output subdirectory, a database subdirectory, andan error subdirectory.
 17. The non-transitory computer readable storagemedium of claim 16, the steps further comprising: after completion ofthe tenant-unware process, accessing, by the tenant unaware process, atenant-specific database; wherein the tenant unaware process accessesthe tenant-specific database using a wallet.
 18. The non-transitorycomputer readable storage medium of claim 17, wherein launching thetenant-unware process as a containerized process comprises: accessing,by a container daemon, an application image, the application image beingassociated with the tenant-unaware process; and creating a containerassociated with the tenant; and launching the application image in thecontainer; wherein the accessed application image is stored in anapplication image repository.
 19. The non-transitory computer readablestorage medium of claim 18, wherein streams of the application image areredirected to the tenant specific virtual filesystem, wherein streams ofthe application image comprise at least one of an input stream, anoutput stream, and an error stream.
 20. The non-transitory computerreadable storage medium of claim 15, wherein the tenant-unaware processinvoked from the calling partition of the plurality of partitions ispart of a composite application, the composite application furthercomprising a tenant aware application running in the context of thecalling partition of the plurality of partitions.